Mozilla

Mozilla

Mozilla Foundation Security Advisory 2005-19

Autocomplete data leak

Announced
February 24, 2005
Reporter
Matt Brubeck
Risk
Moderate
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 1.0.1

Description

As users downarrow through autocomplete choices each is copied in turn into the input control. A malicious site could create a page that autocompletes some common data (such as phone number or SSN) and potentially convince a user to arrow through the values. Script on the page could watch the values as they are added and copy them into a hidden field for submission to the site.

Workaround

Turn off the Form Fill feature.

References